Results 1 to 2 of 2
  1. #1
    New Lounger
    Join Date
    Sep 2002
    Efland, North Carolina, USA
    Thanked 0 Times in 0 Posts

    Suggested changes to spyware fields sniffer macro (97/2000/XP)

    I have used Word for many years (since the Windows 1.0 "Preview" program that let you Print Preview a Word for DOS document under Windows 1.0), but I don't have it installed on my computer at the moment (I've replaced it with Because of this, I'm not going to try to write the code for my suggested macro, since I would almost certainly get it wrong.

    These suggestions are a revision of the existing "sniffer" macro which examines the field codes in a document.

    1) Retrieves the size (in bytes) of a Word document (oldSize)
    2) Evaluate all the field codes that might be problematic
    3) Get the document size again (newSize)
    4) If newSize > oldSize + errorMargin then spit out a warning. errorMargin would have to determined by trial and error, and some people may need to change the default. Like most security settings, the value of errorMargin depends on the necessary comfort level (how small a file can be stolen) versus the convenience (am I going to get a warning every time this macro runs).
    5) Undo all the changes to return the document to normal.

    If (5) is problematic or inefficient, then change the macro to compare sizes after each field code is evaluated; then undo the single change immediately. This would also make it easy to display the text of the offensive field code in a warning dialog to the user.

    If this macro was automatically run every time a document is opened, it could inform the user of problems immediately.

    Another possible option, which would be nice for people who legitimately use the potentially dangerous field (and I know of at least one person), would be some way to disable the macro for a given document. Rather than embedding something in the document (which a hacker could duplicate), perhaps checking the absolute file path for a particular directory would work. Don't check for a specific folder, instead look for a matching name in the path. That way the user isn't forced to move all the documents he wants to exclude under the same directory (this is the mistake that Microsoft made with the PocketPC - all documents you wanted to replicate to the PPC had to be under the same folder). If the user placed all the documents he knew were safe in a 'SafeFields' folder (for instance), then the macro would ignore them. If this is done then you need to make sure that keyword is actually a directory name and not part of the file name.



  2. #2
    Platinum Lounger
    Join Date
    Dec 2000
    Hornsby Heights, New South Wales, Australia
    Thanked 0 Times in 0 Posts

    Re: Suggested changes to spyware fields sniffer macro (97/2000/XP)

    A lack of time to dig around the yucky mess that is called a word object has led us to adopted Bill Coan's Hidden Field Detector. Anyone who installed our FieldSniffer should uninstall it and get the new program here. It picks up heaps more than the quck'n dirty Sniffer did. Those of you who've previoulsy downloaded Bills program make sure you manually remove his older version. The new version comes with a full install / uninstall which I created for this program. But, the installer can not uninstall the manually copied template. <img src=/S/sad.gif border=0 alt=sad width=15 height=15>
    Cheers, Claude.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts